Cyber Security Institute

Wednesday, August 16, 2006

August patch management woes strike again

A suggestion for security pros: Don’t take your vacation in August. Indeed, a pattern has emerged in recent years in which attackers take a recently disclosed Microsoft flaw and exploit it in dramatic fashion, often in the first two weeks of the month. This year, security experts are sounding the alarm because of a critical Windows Server Service flaw that Microsoft addressed with its August patch release. By Sunday, attackers were targeting the Windows Server Service flaw with malware in a bid to expand their IRC-controlled botnets.

“Something always happens during the Christmas holiday, and it wrecks the holidays for IT administrators, and something always seems to happen in August to wreck their summer vacations,” she said.  “Also, System Administrator Day is July 28, so maybe things happen in August to reinforce the appreciation everyone has for us.”

Paul Asadoorian, lead IT security engineer for Brown University in Providence, R.I., speculated that the annual Black Hat hacker event in Las Vegas is a factor.  “People go to Black Hat and pick up all this knowledge about how to exploit various technologies,” Asadoorian said, “then they decide to use Patch Tuesday to practice their newest skills.”  That’s especially problematic in a university environment, he said, since students returning to campus in August tend to come with computers that are infected with malware.

In the case of the Windows Server Service flaw, Bradley and Asadoorian are bracing for what may be another awful August.  “We separate student computers from the rest of the campus and check them for problems before letting them on the network.  Network access and/or endpoint assurance are two technologies every organization should try to take advantage of, something that checks the host when it tries to plug into the network,” Asadoorian said.  “The good news is that the newer platforms are in wider use,” she said, noting that her environment is now made up of machines running Windows XP SP2 and Windows 2003.

Bradley’s advice for dealing with the current threat is to separate the MS06-040 patch from the rest of this month’s urgent updates and deal with that one first.
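Putting that advice into practice means answering one question quickly: which hosts still lack the MS06-040 update, and which of those are reachable from untrusted network segments? The following script is an added example, not code from the post or from the people quoted in it. It assumes that MS06-040 shipped as security update KB921883 (a mapping the post itself does not state) and works on a constructed inventory of the kind an administrator would collect from each host's installed-hotfix list.

```python
"""Patch-triage helper: list hosts still missing the MS06-040 update.

Assumption (not stated in the post): MS06-040 corresponds to security
update KB921883. The inventory below is constructed sample data.
"""
from dataclasses import dataclass, field

MS06_040_KB = "KB921883"  # assumed bulletin -> KB mapping for MS06-040


@dataclass
class Host:
    name: str
    os: str
    hotfixes: set = field(default_factory=set)  # installed KB ids
    net_exposed: bool = False  # reachable from untrusted segments (e.g. student network)


def parse_hotfix_list(text):
    """Extract KB ids from a one-id-per-line hotfix listing.

    The format is a constructed stand-in for the per-host output an admin
    would gather; anything not starting with 'KB' is ignored.
    """
    return {line.strip().upper() for line in text.splitlines()
            if line.strip().upper().startswith("KB")}


# Constructed sample: hotfix listing pulled from one lab workstation
SAMPLE_LISTING = """HotFixID
KB917422
KB921883
"""

# Constructed sample inventory (not real hosts)
SAMPLE_INVENTORY = [
    Host("fileserver01", "Windows Server 2003", {"KB921883", "KB917422"}, True),
    Host("dc01", "Windows Server 2003", {"KB917422"}, True),
    Host("lab-ws-07", "Windows XP SP2", set(), False),
    Host("helpdesk-pc", "Windows XP SP2", parse_hotfix_list(SAMPLE_LISTING), False),
]


def missing_ms06_040(inventory):
    """Hosts whose installed hotfixes do not include the MS06-040 update."""
    return [h for h in inventory if MS06_040_KB not in h.hotfixes]


def triage_order(inventory):
    """Names of unpatched hosts, network-exposed ones first, then alphabetical.

    This is the 'deal with MS06-040 first' rule applied across the fleet:
    exposed servers get the patch before isolated workstations.
    """
    missing = missing_ms06_040(inventory)
    return [h.name for h in sorted(missing, key=lambda h: (not h.net_exposed, h.name))]


def summary(inventory):
    """Counts an admin would report: total, unpatched, unpatched-and-exposed."""
    missing = missing_ms06_040(inventory)
    return {
        "total": len(inventory),
        "unpatched": len(missing),
        "unpatched_exposed": sum(1 for h in missing if h.net_exposed),
    }


if __name__ == "__main__":
    for name in triage_order(SAMPLE_INVENTORY):
        print("patch first:", name)
    print(summary(SAMPLE_INVENTORY))
```

The same `hotfixes` set can be fed from any real inventory source; only the KB mapping needs to be confirmed against the bulletin before the list is acted on.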

Posted on 08/16